VMware Cloud Community
TheVMinator
Expert

Importing Data in a multitenant environment

I need a solution in a multitenant environment where customers can send large amounts of data by mail on a physical storage device, and we can import it into the datacenter. How should I design my infrastructure for this? Should I create an intermediate storage solution where I can plug in a USB device and copy it onto a special datastore that has special security and containment, and then selectively allow that to be transferred to selective areas only? The issue is that if the customer needs to give us a virtual machine to import with 4TB of data, there is no good way to upload it where we would have proper network controls in place to scan the data and secure what can be done over the VPN connection.

However, if a storage device can be walked into the datacenter that we don't know what is on it, it could have potentially anything on it. What does the right design for allowing this to happen look like when I determine what that customer USB storage device will connect to and where the entry point for that data will be into our environment?

Netwrix
Enthusiast

Well, I'm trying to imagine, but... deploy dedicated storage with a USB port (a dedicated file server?) and let the customer use it; he won't have to upload anything, just plug a USB device into the storage. All other steps are up to you (mount the drive, check what's inside, etc.). Restrict access to that storage using zoning, for example. Are you going to use vApps for transferring VMs?

Texiwill
Leadership

Hello,

Yes, segregate as much as possible. Anything entering your datacenter should be first checked, so your steps seem pretty appropriate.

USB or other Device over IP <-> Segregated connection device (movable between or per tenant) <-> segregated network (perhaps by port, so movement is just a change of the location into which the device is connected?) <-> FW <-> Transfer Network (per tenant) <-> FW <-> Proper production network (per tenant)

Storage would be segregated the same way. The goal is to place something like this in a location where you can run antimalware, etc. against it. Then move it into a staging area for deployment to production. Process and nature of this would ensure that only a handful of items are handled at a time and nothing from more than one tenant (unless you have multiple ingress devices to multiple tenant transfer networks). Ensure no two tenants' data EVER co-mingles.

Best regards,
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009-2015

Author of the books 'VMWare ESX and ESXi in the Enterprise: Planning Deployment Virtualization Servers', Copyright 2011 Pearson Education. 'VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment', Copyright 2009 Pearson Education.

Virtualization and Cloud Security Analyst: The Virtualization Practice, LLC -- vSphere Upgrade Saga -- Virtualization Security Round Table Podcast

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
TheVMinator
Expert

OK, great input. As far as the transfer network in your sequence of network segments, what would live or happen in that network? Would I inspect packets with some kind of device in there? Other than that segment being bounded by two firewalls, what would be the other function(s) of that network?

Texiwill
Leadership

Hello,

You could, but mostly you would do that before, as the data is loaded, just to be sure. You have your 'ingress trustzone' and 'transfer trustzone' and then 'tenant'. This way your ingress device (USB over IP, whatever) cannot directly touch a tenant. I put what I consider each zone to be in parentheses.

Ingress: (Red, untrusted, outside)

USB over IP w/target ingress VM w/Tenant Data VMDK.

You can check for malware here if you desire but since this VM is USB connected I would just say it is corrupt and accept it.

After transfer disconnect the Tenant Data VMDK.

Transfer: (Orange: inspect, trusted, DMZ)

Mount the 'Tenant Data VMDK' to a transfer VM.

Do all your checking for AV, etc. Clean any of the data as necessary.

Yes, listen on the network for 'call home', etc.

Ensure the Transfer Zone is pristine and clean.

When you are SURE there are no issues:

Then transfer the data to the Tenant Zone directly if small enough or unmount the Tenant Data VMDK.

Tenant Zone (Green, trusted, internal)

Mount the Tenant Data VMDK to the VM that requires it.

Hook up the application

Best regards,
Edward L. Haletky
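
The zone sequence from the reply above, together with the earlier rule that no two tenants' data ever co-mingles, modelled as a small custody gate for one 'Tenant Data VMDK'. This is an added example, not code from the thread or from VMware; the class names, the two check names and the rebuild step for the transfer VM are assumptions made for illustration.

```python
ZONES = ("ingress", "transfer", "tenant")            # red -> orange -> green
REQUIRED_CHECKS = {"antivirus", "call_home_watch"}   # assumed names for the thread's checks

class GateError(Exception):
    """A requested move would break zone order or tenant separation."""

class TransferVM:
    """Orange-zone VM: one tenant disk at a time, rebuilt to pristine between jobs."""
    def __init__(self):
        self.pristine, self.holder = True, None
    def rebuild(self):
        if self.holder is not None:
            raise GateError("a tenant disk is still attached")
        self.pristine = True

class TenantDisk:
    """Tracks where one 'Tenant Data VMDK' is attached and which checks it passed."""
    def __init__(self, tenant):
        self.tenant, self.zone, self.attached, self.xfer = tenant, "ingress", True, None
        self.passed, self.log = set(), ["attach:ingress"]
    def detach(self):
        if self.xfer is not None:          # release the transfer VM we were using
            self.xfer.holder = None
            self.xfer = None
        self.attached = False
        self.log.append("detach:" + self.zone)
    def record_check(self, name, clean):
        if self.zone != "transfer" or not self.attached:
            raise GateError("checks only count when run in the transfer zone")
        if clean:
            self.passed.add(name)
        else:
            self.passed.discard(name)
    def attach(self, zone, xfer=None):
        if self.attached:
            raise GateError("still attached in " + self.zone)
        if ZONES.index(zone) != ZONES.index(self.zone) + 1:
            raise GateError(self.zone + " -> " + zone + " is not the next zone")
        if zone == "transfer":
            if xfer is None or xfer.holder is not None or not xfer.pristine:
                raise GateError("transfer VM is in use or not pristine")
            xfer.pristine, xfer.holder, self.xfer = False, self, xfer
        missing = REQUIRED_CHECKS - self.passed
        if zone == "tenant" and missing:
            raise GateError("missing checks: " + ", ".join(sorted(missing)))
        self.zone, self.attached = zone, True
        self.log.append("attach:" + zone)

def try_move(disk, zone, xfer=None):
    """Return 'ok' or the refusal reason, so either outcome can be logged."""
    try:
        disk.attach(zone, xfer)
        return "ok"
    except GateError as err:
        return str(err)
```

A disk that fails the gate stays detached in the transfer zone; the model deliberately has no path back to ingress or sideways to another tenant.
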
TheVMinator
Expert

ok great thanks
